Professionalism in Practice: Malware, Malevolent Online Practices, & Threat Modeling

Flashcards covering malware, malevolent online practices, and threat modeling concepts discussed in the Week 14 lecture.

What principle states that people are often the weakest link in the security chain?

The Weakest Link Principle

What factors are often targeted by exploiting software and information systems?

Human factors like social engineering and unintentional errors, and technology vulnerabilities like outdated apps or OS defects.

What predictable sequence of letters sent out by one particular German operator help crack the Enigma code?

CILLY

What is malware?

Any software designed to cause harm to computer systems, networks, or users.

Name 6 Types of Malware

Virus, Worms, Trojans, Ransomware, Zombie, Botnets

How does Virus spread?

Spreads through infected files

How do Worms spread?

Exploits security flaws to propagate over networks

How do Trojans spread?

Delivered through phishing or malicious downloads

How does Ransomware spread?

Typically, via phishing emails or infected websites

How does Zombie malware spread?

Zombies can be created by any malware, i.e., Trojans or worms

How do Botnets spread?

Malware infiltrates devices, turning them into bots that can be used for malicious purposes

What is a DDoS attack?

A distributed denial of service attack; when a hacker makes a website or other service inaccessible by flooding it with requests from many different devices

Describe 5 ways Malware Gains Access

Phishing Emails, Exploiting Vulnerabilities, Social Engineering, Malicious Websites/Ads, Infected Software/Downloads

Who are the Malware Practitioners?

Cybercriminals, Hacktivists, State-Sponsored Actors, Script Kiddies, Cybersecurity Researchers

What is Phishing?

Spam emails containing a convincing hyperlink that looks like it’s from a trusted source used to trick victims into entering personal info

What is Spear-Phishing?

A more targeted and personalized form of phishing where attackers tailor their fraudulent messages to a specific individual or organization

What is Social Engineering?

"Hacking without code" but relying on the principle of trust to convince the victim to trust them, ask for money/details

What is Grooming?

Gaining trust of a victim by being nice over time and then getting the victim to reveal information about themselves or involve them in a crime unknowingly

What is Online Stalking?

Obsessively following or watching a person without their knowledge

What is Doxing?

Publishing private data (addresses, phone numbers) with malicious intent

What are Deepfakes

AI‐generated images, videos, or audio that appear real used for impersonation, creating fake evidence, or spreading misinformation

Define Misinformation

Sharing false or misleading information unintentionally

Define Disinformation

Deliberate spread of false information to manipulate or deceive

What is threat modelling?

A technique within the security lifecycle to analyze a system’s security & privacy concerns

Name the 5 Key phases of Threat Modelling

Asset Identification, Threat Analysis, Vulnerability Analysis, Risk Assessment, Risk Communication

What is a Threat Agent?

Someone or something that can cause harm; can be classified as natural, accidental or malicious.

Name the two Threat Modeling Frameworks cited in the lecture.

STRIDE and DREAD

What does STRIDE stand for?

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege

What does DREAD stand for?

Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability